Case study: How Alperia promotes cybersecurity

What are the material issues the company has identified?

In its 2019 Sustainability Report Alperia identified a range of material issues, such as security of supply, innovation, research and development, health and safety at work, asset integrity, energy consumption. Among these, promoting cybersecurity stands out as a key material issue for Alperia.

Stakeholder engagement in accordance with the GRI Standards              

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups Alperia engages with:

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics Alperia engaged with its stakeholders though an anonymous online survey which 176 participants answered.

What actions were taken by Alperia to promote cybersecurity?

In its 2019 Sustainability Report Alperia reports that it took the following actions for promoting cybersecurity:

• Introducing new and better performing management systems
• In 2019, Alperia introduced new and better performing management systems both inside and outside the Alperia world, also including Artificial Intelligence (AI) platforms. Attacks are becoming more frequent and high risk. Most are perpetrated by extremely sophisticated AI software, which is why it is necessary to use the same language in defence. In 2019, Alperia did not suffer from any significant cybersecurity incidents, but is aware of how important it is to protect yourself with increasingly sophisticated barrier systems. This is why Alperia introduced a double layer antivirus system for email and all the documents are classified according to a specific confidentiality level (public, restricted, confidential). Updating activities continue with trials of the disaster recovery plan and adoption of protection systems against ransomware threats.

• Renewing the ISO 27001 certification
• In 2019, Alperia renewed its ISO 27001 certification, which was extended to include even more stringent checking. This international standard recognises the group’s adoption of a secure system for the management of company information systems (IT and documentary), to monitor and reduce management costs, ensure adequate service levels and monitor and reduce the risk of possible outages. The certification is subject to an annual audit, with additional checks carried out by the group’s Internal Audit. During 2019, Alperia’s business continuity plan was also developed to be activated in the event of attacks. In compliance with the requirements of Europe’s GDPR regulation, a Data Protection Officer (DPO) was appointed external to the IT department. A new privacy-by-design procedure was developed, to be carried out at the start of each new project in order to check if it meets the standards set by privacy and GDPR legislation.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:

• Sustainable Development Goal (SDG) 16: Peace, Justice and Strong Institutions
• Targets: 16.3, 16.10

78% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

7 GRI sustainability disclosures get you started

Any size business can start taking sustainability action

GRI, ISEP, CPD Certified Sustainability courses (2-5 days): Live Online or Classroom  (venue: London School of Economics)

• Exclusive FBRH template to begin reporting from day one
• Identify your most important impacts on the Environment, Economy and People
• Formulate in group exercises your plan for action. Begin taking solid, focused, all-round sustainability action ASAP. 
• Benchmarking methodology to set you on a path of continuous improvement

See upcoming training dates.
References:

1) This case study is based on published information by Alperia, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:

http://database.globalreporting.org/

2) https://www.globalreporting.org/standards/gri-standards-download-center/

Note to Alperia: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.